Urgent !!!!! Server Under Attack

jotay

Member
Oct 11, 2005
18
0
151
Hi, One of my webpage has been haked ........

How i can deny access to one or more IP to my server ?

this is a log:

The remote system 193.202.89.64 was found to have exceeded acceptable login failures on your server; there was 204 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.


THIS IS OTHER LOG !!! :


Security Violations
=-=-=-=-=-=-=-=-=-=
Apr 4 16:58:15 matrix1 sshd(pam_unix)[23289]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
Apr 4 16:58:15 matrix1 sshd(pam_unix)[23288]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
Apr 4 16:58:15 matrix1 sshd(pam_unix)[23290]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
Apr 4 16:58:15 matrix1 sshd(pam_unix)[23286]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
Apr 4 16:58:15 matrix1 sshd(pam_unix)[23285]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
Apr 4 16:58:17 matrix1 kernel: audit(1144184297.923:7722084): user pid=23288 uid=0 auid=0 msg='PAM authentication: user=root exe="/usr/sbin/sshd" (hostname=217.156.103.134, addr=217.156.103.134, terminal=ssh result=Authentication failure)'
Apr 4 16:58:17 matrix1 kernel: audit(1144184297.924:7722106): user pid=23290 uid=0 auid=0 msg='PAM authentication: user=root exe="/usr/sbin/sshd" (hostname=217.156.103.134, addr=217.156.103.134, terminal=ssh result=Authentication failure)'
Apr 4 16:58:17 matrix1 kernel: audit(1144184297.934:7722166): user pid=23286 uid=0 auid=0 msg='PAM authentication: user=root exe="/usr/sbin/sshd" (hostname=217.156.103.134, addr=217.156.103.134, terminal=ssh result=Authentication failure)'
Apr 4 16:58:17 matrix1 kernel: audit(1144184297.935:7722188): user pid=23285 uid=0 auid=0 msg='PAM authentication: user=root exe="/usr/sbin/sshd" (hostname=217.156.103.134, addr=217.156.103.134, terminal=ssh result=Authentication

THIS IS OTHER LOG:

The remote system 217.156.103.134 was found to have exceeded acceptable login failures on your server; there was 40 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.

PLEASE HELP !!!!!!!!!